Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Apple Subscribe
Total 10175 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-0185 1 Apple 2 Mac Os X, Mac Os X Server 2012-01-13 4.4 MEDIUM N/A
Format string vulnerability in the debug-logging feature in Application Firewall in Apple Mac OS X before 10.7.2 allows local users to gain privileges via a crafted name of an executable file.
CVE-2011-0229 1 Apple 2 Mac Os X, Mac Os X Server 2012-01-13 6.8 MEDIUM N/A
Apple Type Services (ATS) in Apple Mac OS X through 10.6.8 does not properly handle embedded Type 1 fonts, which allows remote attackers to execute arbitrary code via a crafted document that triggers an out-of-bounds memory access.
CVE-2011-0230 1 Apple 2 Mac Os X, Mac Os X Server 2012-01-13 7.5 HIGH N/A
Buffer overflow in the ATSFontDeactivate API in Apple Type Services (ATS) in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
CVE-2011-0231 1 Apple 2 Mac Os X, Mac Os X Server 2012-01-13 5.0 MEDIUM N/A
CFNetwork in Apple Mac OS X before 10.7.2 does not properly follow an intended cookie-storage policy, which makes it easier for remote web servers to track users via a cookie, related to a "synchronization issue."
CVE-2011-0260 1 Apple 2 Mac Os X, Mac Os X Server 2012-01-13 4.6 MEDIUM N/A
The CoreProcesses component in Apple Mac OS X 10.7 before 10.7.2 does not prevent a system window from receiving keystrokes in the locked-screen state, which might allow physically proximate attackers to bypass intended access restrictions by typing into this window.
CVE-2011-0204 1 Apple 3 Imageio, Mac Os X, Mac Os X Server 2011-11-23 6.8 MEDIUM N/A
Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image.
CVE-2008-7303 1 Apple 1 Mac Os X 2011-11-20 7.6 HIGH N/A
The nonet and nointernet sandbox profiles in Apple Mac OS X 10.5.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of launchctl to trigger the launchd daemon's execution of a script file, a related issue to CVE-2011-1516.
CVE-2011-3998 1 Apple 1 Webobjects 2011-11-15 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Apple WebObjects 5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-3440 1 Apple 2 Ipad2, Iphone Os 2011-11-14 1.2 LOW N/A
The Passcode Lock feature in Apple iOS before 5.0.1 on the iPad 2 does not properly implement the locked state, which allows physically proximate attackers to access data by opening a Smart Cover during power-off confirmation.
CVE-2011-1132 1 Apple 2 Mac Os X, Mac Os X Server 2011-10-26 4.9 MEDIUM N/A
The IPv6 implementation in the kernel in Apple Mac OS X before 10.6.8 allows local users to cause a denial of service (NULL pointer dereference and reboot) via vectors involving socket options.
CVE-2011-0197 1 Apple 2 Mac Os X, Mac Os X Server 2011-10-26 2.1 LOW N/A
App Store in Apple Mac OS X before 10.6.8 creates a log entry containing a user's AppleID password, which might allow local users to obtain sensitive information by reading a log file, as demonstrated by a log file that has non-default permissions.
CVE-2011-0198 1 Apple 2 Mac Os X, Mac Os X Server 2011-10-26 6.8 MEDIUM N/A
Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code via a crafted embedded TrueType font.
CVE-2011-0199 1 Apple 2 Mac Os X, Mac Os X Server 2011-10-26 5.8 MEDIUM N/A
The Certificate Trust Policy component in Apple Mac OS X before 10.6.8 does not perform CRL checking for Extended Validation (EV) certificates that lack OCSP URLs, which might allow man-in-the-middle attackers to spoof an SSL server via a revoked certificate.
CVE-2011-0203 1 Apple 1 Mac Os X Server 2011-10-26 5.0 MEDIUM N/A
Absolute path traversal vulnerability in xftpd in the FTP Server component in Apple Mac OS X before 10.6.8 allows remote attackers to list arbitrary directories by using the root directory as the starting point of a recursive listing.
CVE-2011-0205 1 Apple 3 Imageio, Mac Os X, Mac Os X Server 2011-10-26 6.8 MEDIUM N/A
Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG2000 image.
CVE-2011-0207 1 Apple 2 Mac Os X, Mac Os X Server 2011-10-26 5.0 MEDIUM N/A
The MobileMe component in Apple Mac OS X before 10.6.8 uses a cleartext HTTP session for the Mail application to read e-mail aliases, which allows remote attackers to obtain potentially sensitive alias information by sniffing the network.
CVE-2011-0210 1 Apple 3 Mac Os X, Mac Os X Server, Quicktime 2011-10-26 6.8 MEDIUM N/A
QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted sample tables in a movie file.
CVE-2011-0212 1 Apple 1 Mac Os X Server 2011-10-26 6.4 MEDIUM N/A
servermgrd in Apple Mac OS X before 10.6.8 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML-RPC request containing an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
CVE-2011-0226 2 Apple, Freetype 2 Iphone Os, Freetype 2011-10-25 9.3 HIGH N/A
Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011.
CVE-2011-1288 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2011-10-20 9.3 HIGH N/A
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.